A malicious version of the Jscrambler npm package, [email protected], was published at 15:12 UTC on 11 July 2026. The compromised release executed a dropper via an npm preinstall hook that detected the host operating system and extracted a platform-specific native binary for W...